Cloudflare Audit Logs

Connect AI tools to Cloudflare Audit Logs to query audit logs and generate reports for review. The Cloudflare Audit Logs MCP server gives AI assistants secure access to your Cloudflare audit log data through the Model Context Protocol (MCP).

1. Overview

Cloudflare Audit Logs is a remote, vendor-hosted MCP server provided by Cloudflare. You connect to it from Cequence AI Gateway; the server uses Streamable HTTP (the standard transport for remote MCP per Cloudflare’s MCP docs).

• Server URL: https://auditlogs.mcp.cloudflare.com/mcp
• Transport: HTTP (Streamable HTTP)
• Hosted by: Cloudflare

2. Supported authentication types

Type	Supported	Notes
OAuth 2.0	Yes	Required. Uses Dynamic Client Registration (DCR); sign in with your Cloudflare account.
API key	No	Not used for this remote MCP server.

When you add Cloudflare Audit Logs in Cequence AI Gateway, authentication is handled via OAuth 2.0 with Dynamic Client Registration. You sign in with your Cloudflare account and grant access during the gateway flow.

3. What can you do with this MCP server

With the Cloudflare Audit Logs MCP server, you can:

• Query audit logs — Run queries against your Cloudflare account audit logs (who made what change when).
• Generate reports — Produce summaries or reports from audit log data for review, compliance, or security analysis.
• Filter by time and actor — Query a slice of time (since/before), filter by actor email or ID, and by context (API key, dashboard, OAuth, etc.).
• Filter by action — Find events by action type (create, delete, view, update, login) and action result (success or failure).
• Identify API key usage — See whether users performed actions via API keys, tokens, or the dashboard (e.g. “Were there any suspicious changes made to my Cloudflare account yesterday around lunchtime?”).
• Reconstruct sequences — Reconstruct a clear sequence of events from large, complex audit logs with natural language.

4. Prerequisites

Before adding Cloudflare Audit Logs in Cequence AI Gateway, ensure you have:

• Access to Cequence AI Gateway (e.g. beta.aigateway.cequence.ai)
• A Cloudflare account with access to audit logs
• A modern browser to complete the OAuth authorization flow
• For OAuth authentication: an auth app with client credentials (client ID and client secret) in your Cloudflare (vendor) account, unless the server supports Dynamic Client Registration (DCR).

5. Example workflows

• “Show the last 50 audit log entries for my Cloudflare account.”
• “Generate a summary of admin actions from the audit logs this week.”
• “Find all audit events related to DNS changes.”

6. Connecting MCP server from Cequence AI Gateway

1. Log in to Cequence AI Gateway.
2. Choose your tenant.
3. Go to App catalogue.
4. Filter by Remote MCP server.
5. Search for Cloudflare Audit Logs and then select it.
6. Click Create MCP server.
7. Choose auth method. If OAuth, you need an auth app with client credentials in your vendor account (see Prerequisites).
8. Complete the setup as prompted, select tools, and deploy.

Use the generated MCP server URL in your client as described in the Client Configuration docs. For detailed UI steps and screenshots, see Create a third-party MCP Server.

7. Additional information

• Transport: Streamable HTTP. See Transport.
• Timeout: 30-second timeout for requests.
• Cloudflare MCP: Model Context Protocol (MCP), Build a Remote MCP server.
• Official repository: mcp-server-cloudflare.